Created
December 31, 2019 14:36
-
-
Save beauwoods/64a964c062394e8797470e366e276963 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## How to install pihole, piVPN, and Duo on a | |
## Raspberry Pi. | |
## Recommend setting up raspi with ethernet to | |
## the router, rather than wifi. That makes the | |
## setup more reliable. Once it’s on and you’re | |
## at a command line, begin below. | |
## First to take care of some basics. | |
## - Change the password | |
## - Update raspbian | |
## - Install sshd | |
## - Change ssh port in /etc/ssh/sshd_config | |
## (optional step to increase security) | |
passwd | |
sudo apt-get update | |
sudo apt-get upgrade | |
sudo apt-get dist-upgrade | |
sudo apt-get install ssh | |
## Follow the setup instructions at | |
## http://pi-hole.net | |
curl -sSL https://install.pi-hole.net | bash | |
## Follow the setup instructions at | |
## http://pivpn.io and the FAQ at | |
## https://github.com/pivpn/pivpn/wiki/FAQ | |
## - During setup, use a non-standard VPN port | |
## (optional step to increase security) | |
curl -L https://install.pivpn.io | bash | |
## Turn on pihole DHCP server (in web GUI) | |
## On your router: | |
## - Disable the DHCP server | |
## - Forward inbound connections to piVPN | |
## (default is UDP port 1194) | |
## Easy-to-miss in the pivpn setup | |
## instructions for use with pihole. Add the | |
## following lines to the /etc/dnsmasq.conf | |
## file. See also, the below link. | |
## https://github.com/pivpn/pivpn/wiki/FAQ#installing-with-pi-hole | |
listen-address=127.0.0.1 | |
listen-address=10.8.0.1 | |
listen-address=[[ip of your pihole]] | |
## Create an OpenVPN client file for each device | |
## you will connect to the VPN | |
pivpn -a | |
##### OPTIONAL SECTION ##### | |
## Follow the instructions for setting up | |
## OpenVPN with Duo Security multi-factor | |
## authentication. Skip step 4 - it has an old | |
## link - and instead pull the file from the | |
## “Build and Install the Plugin” section. Don’t | |
## forget to replace IKEY SKEY HOST. | |
## https://duo.com/docs/openvpn | |
## | |
## Set up a User in Duo for each client device. | |
## The client device name is the User name and | |
## can be changed only by creating a new OVPN | |
## file. Add these lines to each OVPN client file, | |
## as instructed in the Duo setup instructions. | |
auth-user-pass | |
reneg-sec 0 | |
## Import the OVPN files into your OpenVPN | |
## client. It’s kind of confusing, but the password | |
## you use dictates how you’ll authenticate. See | |
## the setup guide for Duo Security. | |
## | |
## Probably best to use ‘push’ if you’re going to | |
## save the password, as it’s most likely to work | |
## in most circumstances if/when you forget. | |
##### OPTIONAL SECTION ##### | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment